Senior Cybersecurity Analyst – CMMC & DoD Compliance

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent practical experience.
• 5+ years of cybersecurity experience in regulated or government‑contract environments.
• Experience supporting federally regulated cybersecurity requirements.
• Experience preparing for third‑party or government assessments.
• Ability to translate and communicate DoD cybersecurity requirements for application teams.
• Knowledge in the following areas: Identity & Access Management (IAM): RBAC, least privilege, privileged access workflows, MFA, service accounts, access reviews, joiner/mover/leaver processes.
• Windows & Linux security: GPO/Intune or equivalent, local admin controls, secure baselines (e.g., CIS-aligned), logging configuration, patch management, hardening validation.
• Network security: segmentation concepts, firewall rulesets, VPN/ZTNA, secure remote administration, network device logging, NAC fundamentals, DNS security basics.
• Endpoint security: EDR capabilities, alert triage/validation, policy enforcement, device encryption, removable media controls.
• Vulnerability management: scan coverage, risk-based prioritization, remediation workflows, exception handling, validation reporting.
• SIEM/logging: ability to define log requirements, validate ingestion/retention, produce audit-ready log evidence, and explain detections and response workflows.
• Practical experience with the following: Working knowledge of FAR and DFARS cybersecurity clauses, including contractor responsibilities for safeguarding CUI and incident reporting.
• Understanding of government system authorization concepts, shared responsibility models, and secure enclave design.
• Experience supporting cybersecurity requirements within defense programs, manufacturing, engineering, or supply‑chain environments.
• Experience with secure enclave design, CUI boundary segmentation, or regulated environments in automotive/manufacturing/supply chain contexts.

Nice To Haves

• Cloud Security (AWS/Azure/GCP—at least one strongly preferred)
• Cloud IAM: conditional access concepts, identity federation, role assignments, privileged identity workflows (e.g., JIT/PIM), access key hygiene.
• Cloud security posture: policy-as-code fundamentals, CSPM findings interpretation, configuration drift awareness, secure landing zone concepts.
• Cloud logging & monitoring: CloudTrail / Activity Logs, log routing to SIEM, retention/immutability considerations, alerting and response integration.
• Data protection: encryption at rest/in transit, key management (KMS/Key Vault), secret management, secure storage access patterns.
• Network controls in cloud: security groups/NSGs, route tables, private endpoints, egress controls, segmentation principles.

Responsibilities

• Drive the overall governance for government programs.
• Execute annual self-assessments (Continuous Monitoring) on CMMC/NIST controls and document findings.
• Coordinate internal teams (IAM, cloud, infrastructure, SOC, endpoint, vulnerability management, application owners) to validate control implementation and operational effectiveness.
• Identify compliance gaps, manage security exceptions (POA&Ms), and drive remediation prior to audit or customer assessments.
• Lead CMMC readiness and sustainment activities for GM Defense programs, aligned to NIST SP 800‑171 and DoD expectations for CUI protection.
• Build and maintain assessment‑ready evidence packages (policies, procedures, configurations, logs, tickets, reports) aligned to CMMC and DFARS requirements.